package pers.jason.wppm.security;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import org.springframework.social.security.SpringSocialConfigurer;
import pers.jason.wppm.security.authentication.DefaultAuthenticationFailureHandler;
import pers.jason.wppm.security.authentication.DefaultAuthenticationSuccessHandler;
import pers.jason.wppm.security.core.authentication.SecurityMobileAuthenticationConfig;
import pers.jason.wppm.security.core.properties.SecurityProperties;
import pers.jason.wppm.security.core.validate.code.ValidateCodeConfig;

/**
 * 
 * @author Jason
 * @Date 2018-10-26 17:00
 *
 */
@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {

	
	private Logger logger = LoggerFactory.getLogger(getClass());

	@Autowired
	private LogoutSuccessHandler logoutSuccessHandler;
	
	@Autowired
	private DefaultAuthenticationSuccessHandler authenticationSuccessHandler;
	
	@Autowired
	private DefaultAuthenticationFailureHandler authenticationFailureHandler;
	
	@Autowired
	private SecurityProperties securityProperties;
	
	@Autowired
	private PersistentTokenRepository persistentTokenRepository;
	
	@Autowired
	private UserDetailsService userDetailsService;
	
	@Autowired
	private ValidateCodeConfig validateCodeAuthenticationConfig;
	
	@Autowired
	private SecurityMobileAuthenticationConfig mobileAuthenticationConfig;

	@Autowired
	private SpringSocialConfigurer springSocialConfigurer;
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		logger.info("初始化Spring Security配置...");
		logger.info("social注册地址是：" + securityProperties.getBrowser().getSignUpUrl());
		http
		.apply(validateCodeAuthenticationConfig) //开启校验码功能
		.and()
		.apply(mobileAuthenticationConfig) //开启短信验证功能
		.and()
		.apply(springSocialConfigurer) //社交账号登录
		.and()
			.formLogin()
				.loginPage(securityProperties.getBrowser().getRequestLoginUrl())
				.loginProcessingUrl(securityProperties.getBrowser().getFormLoginUrl())
				.successHandler(authenticationSuccessHandler)
				.failureHandler(authenticationFailureHandler)
			.and()
			.authorizeRequests()
				.antMatchers(
						securityProperties.getBrowser().getRequestLoginUrl()
						, securityProperties.getBrowser().getFormLoginUrl()
						, securityProperties.getBrowser().getMobileLoginUrl()
						, securityProperties.getBrowser().getLoginPage()
						, securityProperties.getBrowser().getSignUpUrl()
						, "/social/bind"
						, "/code/image", "/code/sms", "/**/*.js", "/**/*.css", "/**/*.font", "/**/*.png", "/**/*.jpg", "/**/*.woff"
						, "/**/*.gif", "/**/*.woff2").permitAll()
				.anyRequest()
				.authenticated()
			.and()
			.rememberMe()
				.tokenRepository(persistentTokenRepository)
				.tokenValiditySeconds(securityProperties.getBrowser().getRememberMeExpire())
				.userDetailsService(userDetailsService)
			.and()
			.logout()
				.logoutUrl(securityProperties.getBrowser().getRequestLogoutUrl())
				.logoutSuccessHandler(logoutSuccessHandler)
			.and()
			.csrf()
				.disable()
			.headers().frameOptions().sameOrigin();
	}
	
	
	
}
